Directive 2014/53/EU · Del. Reg. 2022/30Generate my documentation — €99
ACTIVE — Enforcement tracker · Deadline dashboard · Transposition status — Updated weekly from EUR-Lex, Safety Gate, OEIL & 12 official sourcesView regulatory intelligence →

Your IP cameras record video, process personal data and communicate over the internet. Delegated Regulation (EU) 2022/30 applies Art. 3(3)(d) and Art. 3(3)(e) to your product. Your Dutch importer needs the documentation now.

You export IP cameras, video doorbells and surveillance systems to Europe. Your importer in the Netherlands sends a checklist of 15 cybersecurity documentation points. You don't know what Art. 3(3)(d) means. IP cameras are the product category under most scrutiny in Europe since the backdoor scandals — the documentation must be flawless. A Notified Body quotes €8,000–15,000 per model. REDCheck generates the 5 PDF documents covering Arts. 3(3)(d) and (e) for each model. 30 minutes. €99. 100% in your browser.

Generate my RED documentation — €99Free: does my product need RED cybersecurity documentation?

€99 one-time payment · 5 PDF documents in ZIP · 30 minutes · 100% in your browser

Directive 2014/53/EU · Art. 3(3)(d)(e)(f) · Art. 21 + Annex V · Art. 18 + Annex VI · Art. 10(9) + Annex VII · Delegated Reg. (EU) 2022/30 · EN 18031-1, -2, -3

RED cybersecurity documentation for IP cameras: the data

Delegated Regulation (EU) 2022/30 activated the cybersecurity requirements of Art. 3(3)(d) and (e) for all internet-connected radio equipment — including IP cameras that process personal data.

2 requirements
Art. 3(3)(d) (network protection) + Art. 3(3)(e) (personal data/privacy) — both apply to IP cameras that process video of identifiable persons
5 documents
Classification, technical documentation, risk assessment, EU declaration of conformity, simplified declaration + label
10 years
Art. 10(4) of Directive 2014/53/EU: manufacturers must retain technical documentation for 10 years after the product is placed on the market

What REDCheck does with your IP camera data

You enter your camera specifications. REDCheck structures the documentation requirement by requirement, covering both network protection and personal data.

1
Company details
Legal name, address, role (manufacturer, Art. 10), country of manufacture, EU authorized representative or importer contact.
2
Product classification
Confirms Art. 3(3)(d) for internet connectivity and Art. 3(3)(e) for personal data processing (video recording of identifiable persons constitutes personal data under Art. 4(1) GDPR).
3
Cybersecurity assessment — network (EN 18031-1)
Access control, authentication, secure communications, software integrity, secure updates, event logging, vulnerability management.
4
Cybersecurity assessment — personal data (EN 18031-2)
Data minimization, encryption of stored video, secure transmission, user consent mechanisms, data deletion capabilities.
5
Risk assessment + Declaration of Conformity
Structured risk table mapping both Art. 3(3)(d) and (e). Formal declaration under Art. 18 + Annex VI.
6
Download ZIP
5 PDF documents. Add to technical file. Retain 10 years.

Mistakes IP camera manufacturers make about RED cybersecurity

COMMON ERROR

"Video recording is not personal data"

The Court of Justice of the EU (CJEU) and the EDPB have consistently held that video footage of identifiable persons constitutes personal data under Art. 4(1) of Regulation (EU) 2016/679 (GDPR). An IP camera that records, stores or streams video of identifiable persons triggers Art. 3(3)(e) under Art. 1(2)(a) of Delegated Regulation (EU) 2022/30.

COMMON ERROR

"Our cameras passed FCC and CCC — that's enough for Europe"

FCC (US) and CCC (China) certifications cover electromagnetic compatibility and, in some cases, electrical safety. They do not cover the cybersecurity requirements of Art. 3(3)(d) and (e) of Directive 2014/53/EU. These are separate, EU-specific obligations. Your existing certifications are not interchangeable.

COMMON ERROR

"The importer will sort out the EU paperwork"

Art. 12(2) of Directive 2014/53/EU requires importers to verify — before marketing — that the manufacturer has carried out the conformity assessment and that technical documentation exists. The importer verifies. The manufacturer produces. If you do not provide the documentation, the importer cannot legally place your cameras on the EU market.

What's in the ZIP

5 PDF documents generated from your IP camera data. Each cites the exact article of Directive 2014/53/EU that it covers.

1

Product Classification

Art. 1, Del. Reg. (EU) 2022/30 + Art. 3(3), Dir. 2014/53/EU.

2

Cybersecurity Technical Documentation

Art. 21 + Annex V. Requirement-by-requirement documentation.

3

Risk Assessment

Arts. 3(3)(d) and (e). Structured risk table.

4

EU Declaration of Conformity

Art. 18 + Annex VI.

5

Simplified Declaration + Label

Art. 10(9) + Annex VII.

Look before you buy — Download sample dossier (PDF, fictitious product) — Real structure, real articles, real format. Fictitious data.

Generated from your data, in your browser. No product data leaves your computer.

What you pay

🧾 NOTIFIED BODY / CYBERSECURITY LAB
€8,000–€15,000
Per camera model. 3–6 months including queue time.
✓ REDCHECK
€99
5 documents. 30 minutes. Per model.

Technical documentation and third-party testing: two layers

● LAYER 1

Cybersecurity technical documentation (Annex V)

5 documents. 30 min. €99. The documentation required under Art. 21 before CE marking.

∅ LAYER 2

Third-party conformity assessment

If your cameras require a Notified Body under Art. 17(4), REDCheck generates the base documentation. The third-party assessment is a separate step and a separate cost.

We do not sell testing. We do not sell consulting. We sell the tool that structures your cybersecurity documentation under Art. 21 and Annex V.

What happens without cybersecurity documentation

Art. 46 of Directive 2014/53/EU requires Member States to establish penalties that are effective, proportionate and dissuasive.

🇪🇺
Market withdrawal + recall
Immediate

Art. 40 of Directive 2014/53/EU. IP cameras are a priority category for market surveillance due to privacy risks.

🇳🇱
Netherlands — NVWA enforcement
Variable

The Dutch market surveillance authority (NVWA) has publicly warned that importers of radio equipment without cybersecurity documentation will be held directly responsible.

🛒
Amazon listing suspension
Revenue loss

Amazon EU requires cybersecurity conformity documentation. Listings suspended without prior notice.

Alternatives

AlternativeCostWhat you get
EU cybersecurity lab€8,000–15,000/model3–6 months. Full assessment.
Your importer's consultancyVariableNot your cost, but they'll pass it on.
Do nothing€0 nowImporter finds another supplier in Dongguan.
REDCheck€995 documents, 30 min

Manufacturing multiple camera models?

IP cameras, video doorbells, baby cameras — if you document 10 or more models, the Professional Pack covers 70 generations for €999.

Request volume pricing
Reply within one business day.

What REDCheck guarantees and what it does not

REDCheck generates a document structured under Art. 21 and Annex V of Directive 2014/53/EU based on the information you enter. The truthfulness, accuracy and completeness of that information is your responsibility as manufacturer of the radio equipment.

We guarantee that the document structure follows Art. 21 and Annex V of Directive 2014/53/EU and that the legal references cited are correct as of the latest verification date. We do not guarantee that a specific document will be accepted by a market surveillance authority in a specific case, nor by a commercial buyer in a procurement process.

REDCheck is not legal advice. For specific situations, consult a lawyer or specialised regulatory consultancy.

Frequently asked questions — RED cybersecurity for IP cameras

My camera records video but only stores it locally on an SD card. Does Art. 3(3)(e) still apply?
If the video recording captures identifiable persons, it constitutes personal data processing under Art. 4(2) of Regulation (EU) 2016/679 (GDPR), regardless of where it is stored. Art. 1(2)(a) of Delegated Regulation (EU) 2022/30 applies Art. 3(3)(e) to any internet-connected radio equipment that processes personal data. An IP camera with local storage but internet connectivity triggers both Art. 3(3)(d) and (e).
My camera only connects via Bluetooth, not WiFi. Does Art. 3(3)(d) apply?
Art. 3(3)(d) applies to radio equipment that can communicate over the internet, directly or indirectly. If the camera connects via BLE to a smartphone app that relays data to the internet, the camera communicates over the internet indirectly. Art. 1(1) of Delegated Regulation (EU) 2022/30 covers both direct and indirect internet connectivity.
Does REDCheck cover the backdoor vulnerability issue specifically?
REDCheck structures documentation covering access control, authentication, password management and vulnerability management — all categories within EN 18031-1 and EN 18031-2. If your camera has default passwords, open Telnet ports or unencrypted communications, the risk assessment will flag these as non-conformities that you need to address at the technical level before declaring conformity.
My Dutch importer sent a 15-point checklist. Will REDCheck cover all 15 points?
REDCheck covers the cybersecurity requirements of Arts. 3(3)(d) and (e), the technical documentation under Art. 21 + Annex V, the declaration of conformity under Art. 18 + Annex VI and the simplified declaration under Art. 10(9) + Annex VII. If your importer's checklist includes non-cybersecurity items (EMC testing, electrical safety, user manual requirements), those are separate obligations under the Directive not covered by REDCheck.
Is it a subscription?
No. One-time payment. Each license includes a 30-day editing window and up to 10 regenerations. The 5 PDF documents you download are yours permanently.
Can I request a refund?
Under Art. 16(m) of Directive (EU) 2011/83 on consumer rights, by activating the license you give express consent to the immediate generation of the digital content, waiving the 14-day right of withdrawal. Refunds are accepted only for reproducible technical failures reported to hello@solidwaretools.com within 14 days of purchase.
What if the regulation changes?
If Directive 2014/53/EU, Delegated Regulation (EU) 2022/30 or the EN 18031 standards change during your license validity period, you can regenerate the documents with the updated version of the generator at no additional cost.

Official legal sources

⚠️ Important notice: REDCheck is a documentary self-assessment tool, not legal advice or a third-party audit. The document is generated from the data you enter. The accuracy of the data is your responsibility under Art. 10(1) of Directive 2014/53/EU. REDCheck does not replace a conformity assessment by a Notified Body where required under Art. 17(4) of the Directive.

Your Dutch importer is waiting. Generate the cybersecurity documentation for your IP cameras in 30 minutes.

Five documents. Arts. 3(3)(d) and (e) fully covered. Directive 2014/53/EU. Your product data never leaves your browser.

€99 per product
One-time payment · No subscription · 30 minutes · 10 regenerations · 30-day editing window · Professional Pack: €999
Generate my RED documentation — €99

Related landings

🔌 Smart plugs

Smart plug manufacturer: EU cybersecurity documentation
👶 Childcare

Baby monitor manufacturer: cybersecurity Art. 3(3)(e)
📦 Importers

German importer: RED cybersecurity documentation requirements
✓ Last regulatory check: 6 May 2026 · No substantive changes detected · View history